<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 4.2.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">


<link rel="stylesheet" href="/lib/font-awesome/css/font-awesome.min.css">

<script id="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"yoursite.com","root":"/","scheme":"Muse","version":"7.7.1","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":false,"show_result":false,"style":null},"back2top":{"enable":true,"sidebar":false,"scrollpercent":false},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":false,"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":false,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}}};
  </script>

  <meta name="description" content="title:双图隐写 date:2020-3-31 15:00 双图隐写含义：泛指CTF竞赛中所有以两张图片为解题线索的题型，这里的两张图片可以指给出一张图片然后隐藏了另一张图片，也可以指直接给出了两张图片但是需要两张图片结合分析来提取出隐藏信息。 （考察经常和其他题型联系起来） 考察形式   双图隐写原理图像格式拼接      图层叠加      图像运算 （比赛中异或、加减接触较多）  相关考">
<meta property="og:type" content="article">
<meta property="og:title" content="双图隐写">
<meta property="og:url" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/index.html">
<meta property="og:site_name" content="tender healer">
<meta property="og:description" content="title:双图隐写 date:2020-3-31 15:00 双图隐写含义：泛指CTF竞赛中所有以两张图片为解题线索的题型，这里的两张图片可以指给出一张图片然后隐藏了另一张图片，也可以指直接给出了两张图片但是需要两张图片结合分析来提取出隐藏信息。 （考察经常和其他题型联系起来） 考察形式   双图隐写原理图像格式拼接      图层叠加      图像运算 （比赛中异或、加减接触较多）  相关考">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153335066.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153601507.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153641644.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153934742.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154142315.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154307125.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154439781.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154637149.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154759479.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331155254930.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331155905348.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331160056672.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331160709643.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331161010616.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331161312315.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331161857976.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331162142088.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331162642350.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331162758704.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331162937075.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331163434940.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331163939011.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331164250260.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331164701994.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331164956572.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165224366.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165308449.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165417871.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165445234.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165630255.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331170046879.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331170713527.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331173808779.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331173852425.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331175331065.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331175057595.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331175232247.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331175555713.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331180232045.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331180801663.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331182654644.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331182800800.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331182827924.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331182946226.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331183701112.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331183729992.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331183836842.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401162820947.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401163056630.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401163717381.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401164235983.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165023091.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165633988.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165732332.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165746558.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165922612.png">
<meta property="og:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401170146733.png">
<meta property="article:published_time" content="2020-03-31T13:49:08.134Z">
<meta property="article:modified_time" content="2020-04-06T14:49:35.056Z">
<meta property="article:author" content="YQ Cong">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153335066.png">

<link rel="canonical" href="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome: false,
    isPost: true
  };
</script>

  <title>双图隐写 | tender healer</title>
  






  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container use-motion">
    <div class="headband"></div>

    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-meta">

    <div>
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">tender healer</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
        <p class="site-subtitle">Recording learning gains</p>
  </div>

  <div class="site-nav-toggle">
    <div class="toggle" aria-label="切换导航栏">
      <span class="toggle-line toggle-line-first"></span>
      <span class="toggle-line toggle-line-middle"></span>
      <span class="toggle-line toggle-line-last"></span>
    </div>
  </div>
</div>


<nav class="site-nav">
  
  <ul id="menu" class="menu">
        <li class="menu-item menu-item-home">

    <a href="/" rel="section"><i class="fa fa-fw fa-home"></i>首页</a>

  </li>
        <li class="menu-item menu-item-archives">

    <a href="/archives/" rel="section"><i class="fa fa-fw fa-archive"></i>归档</a>

  </li>
  </ul>

</nav>
</div>
    </header>

    
  <div class="back-to-top">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content">
            

  <div class="posts-expand">
      
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block " lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="http://yoursite.com/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/images/avatar.gif">
      <meta itemprop="name" content="YQ Cong">
      <meta itemprop="description" content="">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="tender healer">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          双图隐写
        </h1>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              <time title="创建时间：2020-03-31 21:49:08" itemprop="dateCreated datePublished" datetime="2020-03-31T21:49:08+08:00">2020-03-31</time>
            </span>
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-04-06 22:49:35" itemprop="dateModified" datetime="2020-04-06T22:49:35+08:00">2020-04-06</time>
              </span>

          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <p>title:双图隐写</p>
<p>date:2020-3-31 15:00</p>
<h1 id="双图隐写"><a href="#双图隐写" class="headerlink" title="双图隐写"></a>双图隐写</h1><p>含义：泛指CTF竞赛中所有以两张图片为解题线索的题型，这里的两张图片可以指给出一张图片然后隐藏了另一张图片，也可以指直接给出了两张图片但是需要两张图片结合分析来提取出隐藏信息。</p>
<p>（考察经常和其他题型联系起来）</p>
<h2 id="考察形式"><a href="#考察形式" class="headerlink" title="考察形式"></a>考察形式</h2><p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153335066.png" alt="image-20200331153335066"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153601507.png" alt="image-20200331153601507"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153641644.png" alt="image-20200331153641644"></p>
<h2 id="双图隐写原理"><a href="#双图隐写原理" class="headerlink" title="双图隐写原理"></a>双图隐写原理</h2><h3 id="图像格式拼接"><a href="#图像格式拼接" class="headerlink" title="图像格式拼接"></a>图像格式拼接</h3><p>  <img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331153934742.png" alt="image-20200331153934742"></p>
<p>  <img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154142315.png" alt="image-20200331154142315"></p>
<h3 id="图层叠加"><a href="#图层叠加" class="headerlink" title="图层叠加"></a>图层叠加</h3><p>  <img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154307125.png" alt="image-20200331154307125"></p>
<p>  <img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154439781.png" alt="image-20200331154439781"></p>
<h3 id="图像运算"><a href="#图像运算" class="headerlink" title="图像运算"></a>图像运算</h3><p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154637149.png" alt="image-20200331154637149"></p>
<p>（比赛中异或、加减接触较多）</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331154759479.png" alt="image-20200331154759479"></p>
<h2 id="相关考点分析"><a href="#相关考点分析" class="headerlink" title="相关考点分析"></a>相关考点分析</h2><h3 id="示例一：文件直接拼接"><a href="#示例一：文件直接拼接" class="headerlink" title="示例一：文件直接拼接"></a>示例一：文件直接拼接</h3><p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331155254930.png" alt="image-20200331155254930"></p>
<h4 id="文件分离"><a href="#文件分离" class="headerlink" title="文件分离"></a>文件分离</h4><p>1）linux（可能是）操作系统下，选一个图片，用binwalk命令分析</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331155905348.png" alt="image-20200331155905348"></p>
<p>2）可见本身图片是png图片，还包含一张jpeg图片（在十六进制的212A处），可使用winhex打开这个图像</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331160056672.png" alt="image-20200331160056672"></p>
<p>跳转到偏移处查看一下这张图象：先导入这张图像（就是打开winhex，把那个图像拖进去）</p>
<p>然后下方有个偏移量，点一下，输入212A，选择十六进制，以此跳转到十六进制的212A处，如下：</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331160709643.png" alt="image-20200331160709643"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331161010616.png" alt="image-20200331161010616"></p>
<p>（图中蓝色光标即为跳转到的位置）可见FF D8为JPEG格式的文件头，前面的IEND为png格式的最后一个数据块，往后数四个字节为校验和。</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331161312315.png" alt="image-20200331161312315"></p>
<p>到这里png格式文件就算结束了，文件尾紧接着就是JPEG格式的文件头，所以这个图片实际是两个不同文件格式的图像无缝衔接。</p>
<p>往后翻，JPEG文件格式的文件尾是FF D9</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331161857976.png" alt="image-20200331161857976"></p>
<p>这里包含了一个完整的jpeg文件结构，所以可以直接把这个图像从原来的png图像中分离出来，复制这个jpeg图像格式的十六进制数据（选中，右击&gt;编辑&gt;复制选块&gt;十六进制数值）</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331162142088.png" alt="image-20200331162142088"></p>
<p>新建一个文件（左上角有个“文件”，点击它&gt;新建），会弹出个框，新建即可。</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331162642350.png" alt="image-20200331162642350"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331162758704.png" alt="image-20200331162758704"></p>
<p>剪切过去，可新生成一个文件，另存为一下，然后打开它。</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331162937075.png" alt="image-20200331162937075"></p>
<h3 id="示例二：修改文件格式"><a href="#示例二：修改文件格式" class="headerlink" title="示例二：修改文件格式"></a>示例二：修改文件格式</h3><p>（通常是文件格式的简单修复，也就是说，一个文件，最直观的地方就是文件头和文件尾，文件修复通常是对<strong>文件头、文件尾</strong>做一个处理，一般是补全或者是更换来实现修复操作，这个我们主要熟悉常见的文件头和文件尾是非常容易完成的，有时也会涉及到像校验和的一些计算，都是对文件的修复工作）</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331163434940.png" alt="image-20200331163434940"></p>
<p>比如打开一个图片，提示如图所示：</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331163939011.png" alt="image-20200331163939011"></p>
<p>此文件此时处于损毁状态，可用winhex来查看一下这个图像，首先由后缀可看出应该是gif格式文件，虽然这个gif不一定代表真正的文件格式，但可以起到方向引导的作用</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331164250260.png" alt="image-20200331164250260"></p>
<p>看这个89A，如果联想GIF文件格式的话，就是gif文件的一个文件头，一般由GIF89A，或GIF87A构成，这里少了三个字节，所以补全，即插入三个字节（GIF）（在89A前面插入GIF）</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331164701994.png" alt="image-20200331164701994"></p>
<p>补全后另存为一张新的文件，其得到修复了，能够打开了，打开它，打开发现这个gif图跳转速率非常快，可使用<strong>Stegsolve</strong>来导入这张图片</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331164956572.png" alt="image-20200331164956572"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165224366.png" alt="image-20200331165224366"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165308449.png" alt="image-20200331165308449"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165417871.png" alt="image-20200331165417871"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165445234.png" alt="image-20200331165445234"></p>
<p>选中那个gif图片点开，然后逐帧查看一下它的每一个组成部分，可使用Analyse&gt;Frame Browser</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331165630255.png" alt="image-2020033116563025"></p>
<p>就可查看到每帧使用什么部分组成了，就可得到所需要信息，如下图为其中一帧：</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331170046879.png" alt="image-20200331170046879"></p>
<h3 id="示例三：文件间接拼接"><a href="#示例三：文件间接拼接" class="headerlink" title="示例三：文件间接拼接"></a>示例三：文件间接拼接</h3><p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331170713527.png" alt="image-20200331170713527"></p>
<p>（拼接的更多是一些有意义的数据，这些数据不能直接拿来保存成图片或文件，但可通过一些处理变成我们需要的一些信息，最常见的就是图片的一个base64的编码）</p>
<p>首先winhex导入一张png图片，发现文件最后并不是png文件最后的IEND数据块，所以可以选择搜寻一下IEND数据块（左上角有个搜索，点击它&gt;文本，出现如下，输入IEND</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331173808779.png" alt="image-20200331173808779"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331173852425.png" alt="image-20200331173852425"></p>
<p>从IEND这个数据块后数四个字节，到达png整个文件的结尾，再往后发现都是数据，</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331175331065.png" alt="image-20200331175331065"></p>
<p>可以看到给出的结构是是base64的编码形式，这种的可以有很多利用方式，最简单的利用方式可以直接把它拖动到浏览器上。选中从数据开始到整个结尾的全部部分，右击&gt;编辑&gt;复制选块&gt;正常（即直接复制ACSII码形式）</p>
<p>把这段数据复制到浏览器上，结果如下：</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331175057595.png" alt="image-20200331175057595"></p>
<p> 这里<img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331175232247.png" alt="image-20200331175232247"></p>
<p>有时会填一些十六进制的数据或者一些常见的编码形式，我们可以把这个地方提取出来，对它进行转换，查看一下转换之后的信息</p>
<h3 id="示例四：双图层叠加"><a href="#示例四：双图层叠加" class="headerlink" title="示例四：双图层叠加"></a>示例四：双图层叠加</h3><p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331175555713.png" alt="image-20200331175555713"></p>
<p>这个不是侧重于文件流，而是侧重于图像的处理，常见的是拿到图片后，stepslove导入之后，来回切几个通道，可能在某个通道写入一个二维码之类的，或者这个图片有个隐藏的图层，正常打开图像的时候显示不出来这个东西，但是通过一些图像软件打开之后就会发现其隐藏的图层。</p>
<p>比如：winhex打开一张png图片</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331180232045.png" alt="image-20200331180232045"></p>
<p>发现在这里看到了Photoshop软件处理过的标志，通常这类型的标志都会涉及到有关于图层方向的考察，可用Photoshop打开一下这种图片，打开后，它默认的在0号图层</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331180801663.png" alt="image-20200331180801663"></p>
<p>比如把一个含flag信息的图片嵌入进去，就拖动那个含flag信息的图片，拖到要嵌入的图片那，如下：</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331182654644.png" alt="image-20200331182654644"></p>
<p>可选择隐藏它</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331182800800.png" alt="image-20200331182800800"></p>
<p>变为如下：</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331182827924.png" alt="image-20200331182827924"></p>
<p>可通过调整图层顺序实现改变图像的显示效果</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331182946226.png" alt="image-20200331182946226"></p>
<p>关于图层隐藏的另一类考察方式：比如修改背景颜色的考察方式，比如QQ收到的图片，它略缩图是一个样（底色为白色），点开之后是另一个样（底色为黑色），这就是通过改变背景颜色实现（用黑色像素和白色像素各弄一张图片，然后把两张图片叠加在一起，就可以实现图片的这么一个变化效果）比如一张图片点开，然后再用浏览器点开，发现效果不一样，这就是通过修改底色来实现的。</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331183701112.png" alt="image-20200331183701112"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331183729992.png" alt="image-20200331183729992"></p>
<h3 id="示例五：双图像运算"><a href="#示例五：双图像运算" class="headerlink" title="示例五：双图像运算"></a>示例五：双图像运算</h3><p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200331183836842.png" alt="image-20200331183836842"></p>
<p>（经常出现的一种考察方式，这种考察方式套路主要为：如果拿到的是多张图片，一方面可能考察的是<strong>图像运算</strong>，另一方面可能考察的是<strong>信息拼接</strong>，如何区分？如果两张图片看起来完全相同或者看起来有关联，一般都在考察运算，如果两张图片看起来没有什么联系的话，很有可能就是在考察拼接）</p>
<p>如果是考察运算的话，会对两张图片进行比较（这里因为两个图片可能是有一张在另一张里提取出来的，比如说如果用winhex把含的那张的数据复制保存为新图片，别忘了再把这段隐含别的图片的这段数据删去，再把它也另存为一张独立的文件，即一张图片分两张了，再比较），用compare命令查看有哪些不同，若compare结果为一条横线，那么通常就是在考察<strong>异或运算</strong>（相同的地方异或结果为0，不同的地方异或结果非0）（当然，其他运算也可以，比如减运算：相同的数据做差之后就为零了）来求不同数据，运算的结果比如是两张图片不同的地方就是隐藏信息，而如果得到的运算结果图片中，它包含的是多条横线，很有可能就是在考察shu。。。(这没听清)</p>
<p>例子：</p>
<p>有一张实例图片，首先用<strong>binwalk</strong>分析一下。</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401162820947.png" alt="image-20200401162820947"></p>
<p>发现其中还包含其他的png图片，可用<strong>foremost</strong>命令分离出来</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401163056630.png" alt="image-20200401163056630"></p>
<p>发现除了原图还得到两张新生成的图片</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401163717381.png" alt="image-20200401163717381"></p>
<p>很明显是两张被拆开的图片，可以做个加运算</p>
<p>打开<strong>stepslove</strong>，导入其中一张图片，点analyse&gt;image combiner,导入另一张图片</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401164235983.png" alt="image-20200401164235983.png"> </p>
<p>打开之后就可以做一些运算了，这里做加运算。</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165023091.png" alt="image-20200401165023091"></p>
<p>相当于是对两个图像做了一个加和，然后把结果保存成一个新图片</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165633988.png" alt="image-20200401165633988"></p>
<p>之后把二维码尝试一下读取，可用下面这个软件。</p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165732332.png" alt="image-20200401165732332">)<img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165746558.png" alt="image-20200401165746558"></p>
<p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401165922612.png" alt="image-20200401165922612.png"></p>
<p>可见，得到了信息。</p>
<h3 id="示例六：一图分多图"><a href="#示例六：一图分多图" class="headerlink" title="示例六：一图分多图"></a>示例六：一图分多图</h3><p><img src="/2020/03/31/%E5%8F%8C%E5%9B%BE%E9%9A%90%E5%86%99/image-20200401170146733.png" alt="image-20200401170146733"></p>
<p>这个考点也是对前面那些考点的综合利用，对分离出来的每张图片的各自利用情况，比如说每张图片本身可以独立的分析出一些信息，那么很有可能就是在考信息拼接，如果每张图片没有办法分析出有效信息的话，那么很有可能考察的是多个图片的运算。</p>
<p>一般多图的话，尤其是五六张甚至更多，考察方式只有一个，一般就是<strong>信息拼接</strong></p>
<p>（即各自图片分析各自信息，然后把信息拼接起来）</p>

    </div>

    
    
    

      <footer class="post-footer">

        


        
    <div class="post-nav">
      <div class="post-nav-item">
    <a href="/2020/02/21/%E9%9A%90%E5%86%99%E6%9C%AF%E5%9C%A8CTF%E6%AF%94%E8%B5%9B%E4%B8%AD%E7%9A%84%E5%BA%94%E7%94%A8%E4%B9%8B%E6%96%87%E6%9C%AC%E9%9A%90%E5%86%99/" rel="prev" title="隐写术在CTF比赛中的应用之文本隐写">
      <i class="fa fa-chevron-left"></i> 隐写术在CTF比赛中的应用之文本隐写
    </a></div>
      <div class="post-nav-item">
    <a href="/2020/04/02/%E5%85%B3%E4%BA%8Ebinwalk/" rel="next" title="关于binwalk">
      关于binwalk <i class="fa fa-chevron-right"></i>
    </a></div>
    </div>
      </footer>
    
  </article>
  
  
  

  </div>


          </div>
          

<script>
  window.addEventListener('tabs:register', () => {
    let activeClass = CONFIG.comments.activeClass;
    if (CONFIG.comments.storage) {
      activeClass = localStorage.getItem('comments_active') || activeClass;
    }
    if (activeClass) {
      let activeTab = document.querySelector(`a[href="#comment-${activeClass}"]`);
      if (activeTab) {
        activeTab.click();
      }
    }
  });
  if (CONFIG.comments.storage) {
    window.addEventListener('tabs:click', event => {
      if (!event.target.matches('.tabs-comment .tab-content .tab-pane')) return;
      let commentClass = event.target.classList[1];
      localStorage.setItem('comments_active', commentClass);
    });
  }
</script>

        </div>
          
  
  <div class="toggle sidebar-toggle">
    <span class="toggle-line toggle-line-first"></span>
    <span class="toggle-line toggle-line-middle"></span>
    <span class="toggle-line toggle-line-last"></span>
  </div>

  <aside class="sidebar">
    <div class="sidebar-inner">

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
          <div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#双图隐写"><span class="nav-number">1.</span> <span class="nav-text">双图隐写</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#考察形式"><span class="nav-number">1.1.</span> <span class="nav-text">考察形式</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#双图隐写原理"><span class="nav-number">1.2.</span> <span class="nav-text">双图隐写原理</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#图像格式拼接"><span class="nav-number">1.2.1.</span> <span class="nav-text">图像格式拼接</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#图层叠加"><span class="nav-number">1.2.2.</span> <span class="nav-text">图层叠加</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#图像运算"><span class="nav-number">1.2.3.</span> <span class="nav-text">图像运算</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#相关考点分析"><span class="nav-number">1.3.</span> <span class="nav-text">相关考点分析</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#示例一：文件直接拼接"><span class="nav-number">1.3.1.</span> <span class="nav-text">示例一：文件直接拼接</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#文件分离"><span class="nav-number">1.3.1.1.</span> <span class="nav-text">文件分离</span></a></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#示例二：修改文件格式"><span class="nav-number">1.3.2.</span> <span class="nav-text">示例二：修改文件格式</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#示例三：文件间接拼接"><span class="nav-number">1.3.3.</span> <span class="nav-text">示例三：文件间接拼接</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#示例四：双图层叠加"><span class="nav-number">1.3.4.</span> <span class="nav-text">示例四：双图层叠加</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#示例五：双图像运算"><span class="nav-number">1.3.5.</span> <span class="nav-text">示例五：双图像运算</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#示例六：一图分多图"><span class="nav-number">1.3.6.</span> <span class="nav-text">示例六：一图分多图</span></a></li></ol></li></ol></li></ol></div>
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
  <p class="site-author-name" itemprop="name">YQ Cong</p>
  <div class="site-description" itemprop="description"></div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
          <a href="/archives/">
        
          <span class="site-state-item-count">13</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
  </nav>
</div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer class="footer">
      <div class="footer-inner">
        

<div class="copyright">
  
  &copy; 
  <span itemprop="copyrightYear">2020</span>
  <span class="with-love">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">YQ Cong</span>
</div>
  <div class="powered-by">由 <a href="https://hexo.io/" class="theme-link" rel="noopener" target="_blank">Hexo</a> 强力驱动 v4.2.0
  </div>
  <span class="post-meta-divider">|</span>
  <div class="theme-info">主题 – <a href="https://muse.theme-next.org/" class="theme-link" rel="noopener" target="_blank">NexT.Muse</a> v7.7.1
  </div>

        








      </div>
    </footer>
  </div>

  
  
  <script color='0,0,255' opacity='0.5' zIndex='-1' count='99' src="/lib/canvas-nest/canvas-nest.min.js"></script>
  <script src="/lib/anime.min.js"></script>
  <script src="/lib/velocity/velocity.min.js"></script>
  <script src="/lib/velocity/velocity.ui.min.js"></script>

<script src="/js/utils.js"></script>

<script src="/js/motion.js"></script>


<script src="/js/schemes/muse.js"></script>


<script src="/js/next-boot.js"></script>




  















  

  

</body>
</html>
